CVE Database As of 11-20-2019

CVE-2006-0678

Impact by CVSS Score
  • ID: CVE-2006-0678
Summary:

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.

Exploitability Analysis: Local

A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Exploitability Complexity: Medium

The access conditions are somewhat specialized; the following are examples: The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted. Some information must be gathered before a successful attack can be launched. The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme). The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browser’s status bar to show a false link, having to be on someone’s “buddy” list before sending an IM exploit).

Authentication: Single_instance

One instance of authentication is required to access and exploit the vulnerability.

Confidentiality Impact: None

There is no impact to the confidentiality of the system.

Integrity Impact: None

There is no impact to the integrity of the system.

Availability Impact: Partial

There is reduced performance or interruptions in resource availability. An example is a network-based flood attack that permits a limited number of successful connections to an Internet service.

Products Affected

cpe:/a:postgresql:postgresql:7.3

cpe:/a:postgresql:postgresql:7.3.1

cpe:/a:postgresql:postgresql:7.3.2

cpe:/a:postgresql:postgresql:7.3.3

cpe:/a:postgresql:postgresql:7.3.4

cpe:/a:postgresql:postgresql:7.3.5

cpe:/a:postgresql:postgresql:7.3.6

cpe:/a:postgresql:postgresql:7.3.7

cpe:/a:postgresql:postgresql:7.3.8

cpe:/a:postgresql:postgresql:7.3.9

cpe:/a:postgresql:postgresql:7.3.10

cpe:/a:postgresql:postgresql:7.3.11

cpe:/a:postgresql:postgresql:7.3.12

cpe:/a:postgresql:postgresql:7.3.13

cpe:/a:postgresql:postgresql:7.4

cpe:/a:postgresql:postgresql:7.4.1

cpe:/a:postgresql:postgresql:7.4.2

cpe:/a:postgresql:postgresql:7.4.3

cpe:/a:postgresql:postgresql:7.4.4

cpe:/a:postgresql:postgresql:7.4.5

cpe:/a:postgresql:postgresql:7.4.6

cpe:/a:postgresql:postgresql:7.4.7

cpe:/a:postgresql:postgresql:7.4.8

cpe:/a:postgresql:postgresql:7.4.9

cpe:/a:postgresql:postgresql:7.4.10

cpe:/a:postgresql:postgresql:7.4.11

cpe:/a:postgresql:postgresql:8.0

cpe:/a:postgresql:postgresql:8.0.1

cpe:/a:postgresql:postgresql:8.0.2

cpe:/a:postgresql:postgresql:8.0.3

cpe:/a:postgresql:postgresql:8.0.4

cpe:/a:postgresql:postgresql:8.0.5

cpe:/a:postgresql:postgresql:8.0.6

cpe:/a:postgresql:postgresql:8.1

cpe:/a:postgresql:postgresql:8.1.1

cpe:/a:postgresql:postgresql:8.1.2


Impact: Low

CVSS Score: 1.5

Created: 2006-02-14 14:06:00

Modified: 2018-10-19 11:45:49
